Gigabit Ethernet's standard includes auto-negotiation and crossover detection. It uses all eight wires (4 pairs), so you need to have correctly made cables and runs. If you connect two gigabit cards to each other with a direct cable, they will automatically negotiate so that they can communicate. Also, if you connect a gigabit port to a normal 10/100 card, it should also work without needing a crossover cable.

1000BASE-LX/LH GBIC

The Cisco 1000BASE-LX/LH GBIC (WS-G5486) fully complies with the IEEE 802.3z 1000BASE-LX standard. However, its higher optical quality allows it to reach 6.2 miles (10 kilometers) over single-mode fiber (SMF), compared with the 3.1 miles (5 km) specified in the standard.

CISCO 1000BASE-ZX GBIC

The Cisco 1000BASE-ZX GBIC (WS-G5487) operates on ordinary single-mode fiber optic link spans up to 43.4 miles (70 km) long. Link spans of up to 62 miles (100 km) are possible using premium single-mode fiber or dispersion shifted single-mode fiber. The GBIC provides an optical link budget of 23 dB; the precise link span length will depend on multiple factors such as fiber quality, number of splices, and connectors.

When shorter distances of single-mode fiber are used, it might be necessary to insert an in-line optical attenuator in the link to avoid overloading the receiver: A 5-dB or 10-dB inline optical attenuator should be inserted between the fiber-optic cable plant and the receiving port on the Cisco 1000BASE-ZX GBIC at each end of the link whenever the fiber-optic cable span is less than 15.5 miles (25 km).

Application Performance

Windows File Sharing [with the exception of Windows 2008 and Windows Vista native environments] was not optimized for high bandwidth operation. Windows XP is simply not capable of performing Gigabit speed file transfers out of the box when using the SMB protocol. The next generation of the SMB protocol [SMB 2.0] which has been implemented in Windows 2008 Server and Windows Vista is capable of utilizing the potential of the bandwidth available in Gigabit networks.

Testing for Gigabit Bottlenecks

One of the best ways of benchmarking Gigabit network performance is to test the network while eliminating as many client based bottlenecks as possible. Using a tool that does not need to read/write from the Hard Drive is recommended. One such tool, IPERF, has been shown to work reliably in benchmarking performance. Many members of this forum have seen 900+ Mbps [90% of Gigabit throughput] between two hosts on the same network [using consumer grade Gigabit switches and laptops and/or PCs with integrated (on motherboard) Gigabit adapters].

Testing for Gigabit Bottlenecks Pt 2

Iperf, TTCP or netcps are all reasonable test programs that can test the network by not using disk. Most of them have implementations on Linux, Windows and Mac OS X.

In addition to I/O subsystems being a limitation, PCI network cards can be a bottleneck, as the total bandwidth of the PCI bus is 133MB/s and gigabit is 125MB/s. Other devices on the PCI bus, which is a shared bus, can use up the bandwidth.

I want to share my internet connection between two or more computers, what do I do?

You have a few options.

1. If you are connecting to the internet directly with a windows box, you have a wizard called, appropriately enough, the Internet Connection Sharing wizard. Keep in mind that the inside interface is limited to a specific subnet. This requires two ethernet ports, and a switch if you want to share it with more than one other computer.

2. If you have a business class connection (or even some consumer grade connections) you may be able to get more than one IP from your provider. If this is the case, you can connect multiple computers with a switch, which then connects to your modem. (This is somewhat rare)

3. If you have a spare computer laying around, you can run any one of a few dozen different homebrew router/firewall combinations such as ClarkConnect, PFSense, m0n0wall, etc. The learning curve may be a bit steep if you aren't familiar with basic networking concepts.

4. (Preferred) Go to your local Circuit City/Best Buy/Fry's/other and buy yourself a decent SOHO router. Which one is up to you, and if you ask, you'll get all sorts of different answers about which brand sucks harder than the rest. The consensus around the Ars Networking Matrix seems to currently be just about any model from Buffalo, or the DLink DL4300 gaming router.

5. There are other ways, all esoteric, and likely violations of your terms of service.

Is an internet connection through a cable modem shared, while a DSL connection is a dedicated, one user per path, connection?

Yes and no. A cable modem connection is "shared" by every other subscriber on the same OSP (OutSide Plant) node that makes up the coaxial infrastructure. Most cable providers have what is called an HFC (Hybrid Fiber Coax) setup where the copper coaxial cable is converted to fiber optic lines that go back to the Head End/Hub/OTN where the signal is converted back to copper to connect to the CMTS (Cable Modem Termination System). The CMTS is then connected, usually, to a router that serves all the customers from that site.

An ADSL (Asymmetric Digital Subscriber Line) connection is a one-to-one connection back to an LT (Line Termination) card on a DSLAM (Digital Subscriber Line Access Multiplexer) in the provider's CO (Central Office). The LTs have multiple connections per card which are all then multiplexed at the NT (Network Termination) card, which is in turn connected to either an ATM switch or router. In the case of an RT-DSLAM (Remote Terminal DSLAM), the NT is subtended off of a larger DSLAM in the CO.

Both connections are shared and both have the limitation of only having the aggregate bandwidth of whatever is feeding them. You could have a CMTS that has anything from a 100Mb feed up to a multi-gigabit feed. The DSLAM could be fed by anything from one or more T1s (up to 4 T1s arranged in an IMA configuration are used for a lot of RT-DSLAMs) to a (multi-)gigabit feed.

So, looking only at the connection back to the provider's switch/router, the entire cable path is shared while DSL is direct back to the CO, but both connections are shared overall.

Also, rates advertised by the providers are only what the circuit is provisioned at. Depending upon physical characteristics of the path, it may not even be available at the subscriber's end. When the connection is good end to end, because of the shared nature of both, the end user may not fully realize their connection speed due to congestion at the node/head end/CO.

No, really, you pretty much can't, short of connecting to a different server. A 'ping' is more accurately known as an ICMP (Internet Control Message Protocol) echo request. Basically, all it does is send a specific type of packet to a remote host (computer). The remote computer usually (though it is not obligated to) responds with an ICMP echo reply. So, the time you see (usually in the tens of milliseconds) is the amount of time from when a computer sends an echo request until it receives a reply. This is also known as RTT (round trip time).

There is no magic formula to this. The majority of the time it takes for that packet to make the round trip is actually spent in transit. The typical speed of signal propagation in terrestrial networks (copper, fiber, etc) is around .7c, or seven-tenths the speed of light. Fast? Sure it's fast...but not so fast that it doesn't introduce some delay when travelling from your house in the burbs of Kansas City to a server in LA and back. It is not uncommon to have 80ms as a standard time to expect a packet to travel from New England to the West Coast and back.

That said, there are other factors, like congestion along the way, any queuing that prefers one type of traffic over another (say, VoIP getting preference over HTTP, which in turn is preferred over ICMP). Even server side congestion. However, you have no control over these things. If you keep getting ganked because of your 110ms ping by some guy who lives next door to the server, your only real option is to find another server.

This can be a charged question, but for the nonce, let's assume you want to make your wireless secure.

'Secure' means several things, but primarily you should be interested in two facets of security, the first being to keep unwanted people from using your bandwidth and the second to keep people from intercepting and looking at your data as it travels through the air.

============

First, I'm going to mention a couple of things that are often mistaken as security, but aren't, and a brief reason why they aren't.

1. I don't broadcast my SSID, therefore I am secure.

Wrong. All this does is prevent people from seeing your network in a standard wireless utility. Anyone actively using a wireless sniffer will see your SSID in short order.

2. I use MAC filtering, therefore I am secure.

Wrong. All this does is prevent someone from accidentally connecting to your network. It is trivial to bypass for anyone who wishes to do so (that is, anyone who knows how to use a wireless sniffer will also know how to spoof a MAC and get on your network). Further, even though it prevents accidental connections, it does not meet the second goal of security, which is to prevent someone from reading your data as it travels through the air.

There are those that will debate the above until they are blue in the face, but if you take 'secure' to mean 'only people I want to connect can connect, and no one could sniff my unencrypted traffic', then the points listed above are correct.

If you are reading this FAQ, then I assume you actually want your wireless to be at least this secure.

1. WEP. This stands for Wired Equivalent Privacy. Pretty strong words, and very inaccurate. WEP has been cracked. It doesn't matter if you use 64, 128, or 256 bit WEP, it's still crackable in just a short amount of time for a determined bad guy. Does this make it useless? No. It's better than nothing, if you have no other options, because it may push the casual bandwidth leecher over to an easier target.

2. WPA-PSK. WiFi Protected Access-PreShared Key. This is much better than WEP, with a few caveats. The key should be a complex phrase of some kind. 'Thisismy3rdcompl3xWPAkeysincethestartof2007' is a much better key than 'password'. There are known attacks, but so long as you use TKIP (temporal key integrity protocol) in addition to your WPA-PSK (most do, I believe) it becomes *much* more difficult to crack.

3. WPA2. (Preferred) Wi-Fi Protected Access 2 (WPA2) is an enhanced version of WPA. It is the official 802.11i standard that I mentioned previously. It uses Advanced Encryption Standard instead of TKIP (see above). AES supports 128-bit, 192-bit and 256-bit keys.

Which one of these you choose depends on several factors, but in general, you should choose the strongest that all of your desired clients will support. If you really want to have WPA2 but you have certain equipment that doesn't support it (like a gaming console) you have some other options such as installing a second Access Point on a different channel and using separate security models for each...but that goes beyond the scope of this FAQ.

A router separates some (usually small) network from a larger (often the internet) network. NAT routers hide the addresses of the internal network from the larger network, providing a rudimentary firewall and keeping the Internet from running out of IP addresses as fast. The larger network sees only the address of the router, so internal details are hidden from outside inspection.

In Diagram One and Two, the Internet can see to the router (gray line) but the internal details of the green lines are hidden. Some Applications running on these computers will need ports forwarded to them because they are hidden.

In Diagram Three we have two NAT routers between Computers B and C and the Internet. This will make it more challenging to forward ports. (I find every router and manual's terminology different, so it is not just doing the same thing twice, it includes translating what one vendor wants to another vendor) No Printer or File sharing can happen between Computer A and Computers B and C as the blue router is ‘protecting’ that green network from the red one, just as the routers in Diagrams One and Two protected the green network from the Internet. (There are scenarios where you WANT your users not to be able to share, multiple routers are one choice, VLANs may be a better choice for larger networks)

What we need to do is demote one of these routers. Many DSL modem/routers can be put in Bridge Mode, so they are just a modem. (Computer A would have to be plugged into the blue router) Many Wireless routers can be demoted to be a Wireless Access Point. Either way, we then only have one router and our problems are fewer.

To convert a Wireless router to a Wireless Access Point:

Log into the Wireless router and turn off its DHCP server. Then give it an IP address in the range of the other router's IP subnet but outside its DHCP range. Then connect the two routers using their LAN ports (sometimes marked 1 to 4) and leave the WAN or Internet port of the Wireless router empty. Once connected, the remaining 3 LAN ports on each are available for local devices.

*If you have an enterprise with multiple internal subnets, you may want many layer 3 switches, if you have many WAN links, you may want a multiport router. You (almost) never want more routers than WAN ports.

The real answer is actually pretty simple. A subnet is a group of IP addresses. In the real world, these addresses are always sequential, although there is no absolute mandate that they must be (according to the RFCs). I won't distract you any further with oddball theoretical subnets though.

In general, a subnet is, as stated, a group of IP addresses. The number of addresses in the group is a power of 2. It could be 2, 4, 8, 16, etc.

In a host connected to a network that is running TCP/IP, you'll generally have three important numeric entries related to communicating over a network with TCP/IP. (DNS is outside the scope of this FAQ). These three numbers are:

1. An IP address. This may either be statically assigned by you or an administrator, or, more likely, be given to you by a server of some type that runs DHCP (dynamic host configuration protocol).

2. A Subnet Mask. This number allows your computer to determine how large of a subnet it is on. That is to say, it defines how many possible IP addresses are *local* to this machine. More on this later.

3. A default gateway. While this is an optional entry, if you don't have one, you won't be able to communicate with a host on any other subnet. The default gateway must be on the local network (the same subnet) as the machine that is trying to communicate with it.

So just how does all this stuff work? It's best to just give an example.

When your machine wants to communicate with another machine, it first resolves the IP address of that machine (by whatever mechanism, usually DNS, but it's not important right now). It then needs to make a decision about whether or not that resolved IP address is local (on the same subnet) or non-local. It does this by comparing its own address and subnet mask with the other machine's IP.

If both IPs fall in the same subnet, then your machine ARPs for its local hardware/ethernet address. ARP stands for address resolution protocol, and is a way for machines on the same subnet to resolve IP addresses to a lower layer address. It is done by sending a broadcast to every active machine on the network and asking "hey, who has 192.168.1.2?" for example. Again, not totally required for understanding subnets, but useful nonetheless.

Anyway, back to the subnet. So it compares two IP addresses and a subnet mask...but how?

Well, a subnet mask consists of 32 binary digits. It is usually denoted as a series of four octets such as 255.255.255.0, but the reality is it's simply a long string of ones and zeroes that tells a machine what the size of a subnet is. Any digit in the subnet mask that is a 1 denotes that it stands for a network address. Any digit in the subnet mask that is a 0 denotes that it stands for a host address.

So if I have 255.255.255.0, I can rewrite it as:

11111111.11111111.11111111.00000000

This tells me that the first 24 digits of any IP address with this mask is what denotes the network (subnet) that the host resides on...and the last 8 digits denote which host on that particular subnet we are referring to.

So, going back to my example where your machine (192.168.1.1) is trying to communicate with 192.168.1.2, your machine performs a comparison (a Boolean AND operation) between its IP address

11000000.10101000.00000001.00000001

and its mask

11111111.11111111.11111111.00000000

To get:

11000000.10101000.00000001.00000000

(192.168.1.0)

This is our network (local subnet) address. We also know from basic math that there are a total of 8 bits worth of addresses for local hosts or 256 total addresses on that subnet. Since we know that the network address has a last octet of .0 (the first in the contiguous group) then the top address must be .255.

So, our local network is 192.168.1.0-192.168.1.255. Since the other machine falls inside this range, we know it must be local and therefore we can ARP for it.

If, on the other hand, you wanted to communicate with 192.168.2.1, it wouldn't fall within the range we just calculated, so therefore we would have no choice but send the packet to our default gateway. Think of the default gateway as a 'last resort'. If it ain't local, I don't know where it is, but I'll trust that my DG does and will take care of it for me.

In the real world, you will often see a subnet mask referred to by a 'slash number' such as /24. All this means is that the first 24 bits of the mask are ones...therefore the same as 255.255.255.0. Please note that a 'slash' mask is also known as a CIDR mask (Classless Inter-Domain Routing). A /24 is NOT necessarily a class C network. Classful networking is essentially dead, as it had limited utility. If you want to know what denotes a class, it actually boils down to the first few digits of the subnet mask. I'll list them below the following, far more useful table of real subnet masks.

*There is no /32 because that would mean we have a network with no valid host addresses. That would be silly, now wouldn't it? The /31 is not terribly common. I've only ever seen it on Cisco gear for point to point links. It is used to conserve addresses.

It looks pretty simple when you chart it out and notice the ones marching across the mask towards the right as the size of the subnet gets smaller.

So who determines what mask to use? Well, typically your administrator sets the mask size on the DHCP server or any statically assigned addresses. A very, very common mask is /24, which allows up to 254 hosts (256 total address, minus one address for a broadcast, which is always the address with every host bit set to 1, and a 'network' address to denote the network we're on). In the end, the mask is chosen based on the projected number of hosts in the subnet. Whichever mask provides enough addresses, without going overboard and wasting them, is what is chosen. The following masks allow the following number of hosts.

It's all powers of 2, baby. You may notice one small thing, though. The number of hosts possible on a subnet is always two less (one for the subnet address and one for the broadcast address...with the exception of a /31, which doesn't use them). You don't need to remember these numbers, though, because thanks to good old algebra, we know that the number of hosts possible is directly related to the number of host bits (n) by the formula

2^n-2

Quite simple, really.
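As an added example (not part of the original FAQ), here is the arithmetic above carried through in Python: the same AND of address and mask, the local-or-gateway decision, CIDR prefix to mask and back, and the 2^n - 2 host count with the /31 exception. The gateway address 192.168.1.254 used in the demo is an assumed value.

```python
"""Subnet arithmetic from the FAQ, carried through in code (added example,
not part of the original FAQ): dotted quad <-> 32-bit integer, the bitwise
AND of address and mask, the local-vs-gateway decision, CIDR prefix <-> mask,
and the 2^n - 2 usable-host rule with the /31 exception."""

OCTET_SHIFTS = (24, 16, 8, 0)


def ip_to_int(dotted: str) -> int:
    """'192.168.1.1' -> 0xC0A80101, rejecting anything that is not four 0..255 octets."""
    octets = dotted.split(".")
    if len(octets) != 4:
        raise ValueError(f"not a dotted quad: {dotted!r}")
    value = 0
    for octet in octets:
        n = int(octet)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {dotted!r}")
        value = (value << 8) | n
    return value


def int_to_ip(value: int) -> str:
    return ".".join(str((value >> s) & 0xFF) for s in OCTET_SHIFTS)


def to_binary(value: int) -> str:
    """Dotted binary as the FAQ writes it, e.g. 11000000.10101000.00000001.00000001."""
    return ".".join(format((value >> s) & 0xFF, "08b") for s in OCTET_SHIFTS)


def prefix_to_mask(prefix: int) -> int:
    """/24 -> 0xFFFFFF00: the first `prefix` bits set to one, the rest zero."""
    if not 0 <= prefix <= 32:
        raise ValueError("prefix must be between 0 and 32")
    return (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF


def is_contiguous_mask(mask: int) -> bool:
    """True only for a run of ones followed by a run of zeros (255.0.255.0 is not a mask)."""
    return any(mask == prefix_to_mask(p) for p in range(33))


def mask_to_prefix(mask: int) -> int:
    if not is_contiguous_mask(mask):
        raise ValueError(f"non-contiguous mask {int_to_ip(mask)}")
    return bin(mask).count("1")


def network_address(ip: str, mask: str) -> str:
    """The Boolean AND the FAQ walks through: address AND mask = network address."""
    return int_to_ip(ip_to_int(ip) & ip_to_int(mask))


def broadcast_address(ip: str, mask: str) -> str:
    """Network address with every host bit set to one."""
    m = ip_to_int(mask)
    return int_to_ip((ip_to_int(ip) & m) | (~m & 0xFFFFFFFF))


def usable_hosts(prefix: int) -> int:
    """2^n - 2 for n host bits; a /31 point-to-point link uses both addresses."""
    host_bits = 32 - prefix
    if prefix == 31:
        return 2
    return max(0, 2 ** host_bits - 2)


def next_hop(src_ip: str, mask: str, dst_ip: str, gateway: str) -> str:
    """Decide as the sending host does: if the destination ANDs to the same
    network, ARP for it directly; otherwise hand the packet to the default
    gateway, which must itself be on the local subnet."""
    m = ip_to_int(mask)
    src, dst, gw = ip_to_int(src_ip), ip_to_int(dst_ip), ip_to_int(gateway)
    if (gw & m) != (src & m):
        raise ValueError(f"default gateway {gateway} is not on the local subnet")
    if (src & m) == (dst & m):
        return dst_ip      # local: ARP for dst and deliver directly
    return gateway         # remote: ARP for the gateway instead


if __name__ == "__main__":
    me, mask, gw = "192.168.1.1", "255.255.255.0", "192.168.1.254"  # assumed gateway
    print(to_binary(ip_to_int(me)), "AND")
    print(to_binary(ip_to_int(mask)), "=")
    print(to_binary(ip_to_int(network_address(me, mask))), f"({network_address(me, mask)})")
    print("range:", network_address(me, mask), "-", broadcast_address(me, mask))
    for dst in ("192.168.1.2", "192.168.2.1"):
        print(f"{dst}: send to {next_hop(me, mask, dst, gw)}")
    print("/24 usable hosts:", usable_hosts(mask_to_prefix(ip_to_int(mask))))
```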

And, as I promised, if you really want to know what a classful network looks like, you must know the address. Classful networks have a presumed range (which we can denote with a CIDR number).

All classful networks begin with the same series of digits within each class as follows:

Thanks in large part to some unclear marketing speak in the SOHO market, it happens frequently that people come around and ask for a "four port router" when what they really want is a SOHO router with an integrated four port switch. So, what's the deal with all this then, Dorothy?

In general, each of the three items in the post topic correlate to a specific layer of the 7 layer OSI model which defines how networks operate. (That's a topic for another post)

So, let's go ahead and define them:

1. Hub

A Hub is a device that allows two or more hosts to be connected to the same network segment. In an ethernet network, all hosts on the same segment see all frames present on that segment. In fact, the term segment stems from older coaxial technology where each segment of coax cable could have numerous hosts on it. This is also known as a 'collision domain' since if two hosts try to communicate at the same time, their electrical signals will quite literally 'collide' on the wire, creating confusion and messing up communications. To mitigate this, each host also senses these collisions and if it detects one, it backs off for a random amount of time, and then tries to send again. Without getting too esoteric, just remember that large collision domains are bad. Other things that are important to know about hubs are the following:

Hubs are powered devices that will actively repeat any signal that comes in one port out of all the other ports. A two port hub is commonly just called a repeater. A modern hub is really a multiport repeater.

Hubs operate at roughly layer 1.

Hubs can regenerate pre-amble.

Every device connected to a hub sees every frame generated by every other device on that hub. This is obviously quite inefficient, since each host then has to inspect that frame to determine whether or not the frame is destined for it.

A hub still can have a valid use in modern networks, since this broadcast nature of it allows one to insert a hub into an otherwise private link and use another port on it to sniff traffic.

A hub can only be half-duplex.

2. Switch

A switch is a device that allows two or more devices to be connected to the same subnet. Note the subtle difference between that sentence and the first sentence used to describe a hub, above. The difference is between "segment" and "subnet". Whereas a segment just meant a group of hosts in a particular collision domain (remember...large collision domain==bad), a switch reduces the number of hosts in collision domains to two. It does this by treating each port as a *bridge*. A bridge is a device that links two or more segments together, but is smart enough to begin remembering which hosts are connected to which port. The first bridges were generally just two port devices with large tables (commonly called ARP tables, MAC tables, or forwarding tables...among other things) assigned to each port. As time progressed, it made more sense to design a network with one host per switchport, and thus you ended up shrinking your collision domain and increasing your network's efficiency and overall throughput because now you didn't have all these hosts colliding, backing off, colliding again, etc. A switch is technically just a multiport bridge. Some things to keep in mind about switches:

A switch reduces collision domains (though you can still end up with certain types of collisions, but they are rare).

A switch can be half or full duplex.

A switch still occasionally floods (or repeats out every port) information. This occurs when either it doesn't know the location of a layer 2 address that information is being sent to, or when a host sends a specific layer 2 broadcast, such as an ARP.

Most switches operate at layer 2.

Some switches operate at layer 3 (or higher), and thus perform the same function as a router, only faster and with more ports (most of the time).

Switches may be 'dumb' (unmanaged) or 'smart' (managed), in that there may be specific things that can be configured on them such as VLANs, QoS, STP, and many other protocols that operate at layer 2. They don't require all this fancy stuff to be considered a switch, though. All they need to do is be able to maintain forwarding tables at layer 2 to be a switch.

3. Routers

A router is a device that connects one or more subnets. Again note the difference between this statement and the one about switches above it. Routers are generally more complex than hubs and switches, in that they can be expected to do much more than just forward frames as fast as possible. Firstly, they need to take frames, and rebuild them with new source and destination MAC addresses. They often need to make decisions about which way to forward packets. Sometimes they even strip and replace certain layer 3 information (such as is common in SOHO style routers which perform NAT...or Network Address Translation). Routers may also make priority decisions regarding which type of traffic gets forwarded first. Routers also provide an important function in that they will *not* forward broadcasts from one subnet into another and vice versa. This helps to limit the overall amount of traffic that gets shoved around the internet/networks these days. Here's what you need to know:

Routers operate at layer 3.

Routers separate broadcast domains (subnets).

Routers are generally more complex than hubs or switches.

Routers are what help other hosts send packets to remote destinations, by acting as a gateway for hosts. In some larger scenarios, not all routers are acting as gateways to hosts, but usually they act as a gateway to, at least, other routers.

Some routers perform address translation.

Routers generally require more memory and processing power than switches (and definitely more than hubs) because of the more complex forwarding logic, NAT tables, and other things that take place at layer 3.

VLANs are one of life's great mysteries. No one knows what they are, where they came from, why they are here, or why we choose to refer to them with an acronym. Okay...I'm fibbing again.

A VLAN is a Virtual Local Area Network which, despite sounding somewhat ludicrous is actually quite a handy idea.

In a normal LAN, most hosts are connected together into a broadcast domain by one or more switches operating at layer 2. (see above FAQ--Hubs and Switches and Routers, Oh My!) When connected together via layer 2 switching, hosts generally only see traffic that is coming or going between them and another host (or gateway). They also, however, do see every layer 2 and layer 3 broadcast frame/packet. A broadcast is, as its name implies, a frame or packet destined for every host in the subnet/network.

Where do broadcasts come from? Well, lots of different applications, services, and hosts will send broadcasts for a variety of reasons. It suffices to say that as your network grows, so does the amount of broadcasts on it, which begins to reduce overall network efficiency.

In the distant past, one way to prevent a network from growing too large was to install new switches in your infrastructure, and to connect them via routers to your existing network(s). Obviously, this requires more money, more power, more cabling, and more administration than a single set of switches...especially if you want to logically group people together in the same VLAN even though they may be in different buildings.

Enter the VLAN.

In its simplest form, a VLAN is simply a way to divide a single switch into one or more virtual LANs/networks. No broadcasts will flow between them, even though they reside on a physical switch. Essentially, you can tell a switch that certain ports are in one VLAN, and other ports are in another VLAN. It is also worthy of noting that in any VLAN capable switch, even if you don't configure any VLANs, there is always at least one...it is called the 'default' VLAN, and it is untagged (though is usually assigned an ID number for ease of administration).

But (and there's always a 'but', right?) leave it to networking folks to immediately demand more from the technology available to them.

What if we want to limit the broadcasts between VLANs, but still want to allow traffic between them? Well then we have to find some way to route between the two different networks. One easy way would be to find a two port router, and connect one port to VLAN1, and one port to VLAN2, and let the traffic flow.

But what happens when we start adding VLANs? Well, obviously we'd have to start adding more routing ports (which, back in the day, could have been extremely expensive).

Further, what happens when we want the same VLANs on more than one physical switch?

In each of the two scenarios above, we have to provide a way for the switches and router(s) to distinguish between frames from VLAN 1, VLAN 2, etc.

Enter 802.1Q (also known as VLAN tagging)

VLAN tagging allows us to add a 4 byte overhead to each frame that designates which VLAN that frame belongs to. If a switch sees that tag, it knows that it can strip off the 4 byte tag, and forward it to any port belonging to that particular VLAN.

If a router sees that tag, it knows which VLAN/network/subnet it came from, and can make appropriate routing decisions based on whatever the administrator has set it up to do.

In addition, when you connect two switches together, you may want to trunk VLANs between them. Trunking just means that you are going to allow any permitted VLAN to go down that link, without removing the tag. (This is sometimes referred to as a TAGGED link by some vendors...it essentially tells the switch that, while it's okay to send a particular VLAN tag down that link, don't bother to strip the VLAN tag, because the next host downstream will still need to know that information.)

You can ALSO send tagged frames to a router via a trunk. Why? Well, if you do it that way, then you don't need to supply a router port for every VLAN you have. This is often called 'router-on-a-stick'.

Finally, just to make things really confusing, you can have a port that is designated as both tagged and untagged, though this is usually very task-specific, and usually relates to VoIP installations where a computer or other hosts sits behind the internal switch of a VoIP phone.

Some examples

Here is a single switch with a single (Default) VLAN. In this example, every host on the switch can communicate with every other host on the switch. All frames that pass between the switch and the hosts are untagged. (It is worth noting that default VLANs are untagged by, well, default.)

Here is a single switch with more than one VLAN. In this example, hosts A and B can communicate with each other, as can hosts C and D, but A/B can't communicate with C/D and vice versa. All frames that pass between the switch and the hosts are untagged.

Here are two switches, each with the same two VLANs. In this example, hosts A, B, W, and X can communicate, as can hosts C, D, Y, and Z. All frames from the switch to the lettered hosts are untagged. All frames between the two switches are tagged.

Here is a switch with three VLANs, connected via a trunk to a 'router-on-a-stick'. All frames between the switch and the hosts are untagged. All frames between the switch and the router are tagged. Hosts A, B, and C may or may not be allowed to communicate, depending on the rules set up on the router.
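As an added example (not the FAQ's own code) that covers both the switch description earlier (MAC learning, flooding of unknown-destination and broadcast frames) and the VLAN/802.1Q tagging just described, here is a small simulated switch with access and trunk ports. Port names, MAC addresses and payloads are constructed for the demo.

```python
"""A VLAN-aware learning switch in miniature (added example, not from the FAQ):
it learns a forwarding table from source MACs, sends known unicast out one port,
floods unknown unicast and broadcast within the VLAN only, carries untagged
frames on access ports, and keeps or strips the 4-byte 802.1Q tag on trunk and
access ports respectively. Port names, MACs and payloads below are constructed."""
import struct

TPID = 0x8100  # EtherType value that announces an 802.1Q tag follows


def parse_frame(frame: bytes):
    """Return (dst, src, vlan_id_or_None, rest) where rest is EtherType+payload.
    Tagged layout: dst(6) src(6) TPID(2) TCI(2) EtherType(2) payload..."""
    if len(frame) < 14:
        raise ValueError("runt frame")
    dst, src = frame[:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID:
        return dst, src, None, frame[12:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    return dst, src, tci & 0x0FFF, frame[16:]   # low 12 bits of the TCI = VLAN ID


def untagged(dst: bytes, src: bytes, payload: bytes, ethertype: int = 0x0800) -> bytes:
    return dst + src + struct.pack("!H", ethertype) + payload


def tagged(dst: bytes, src: bytes, vlan: int, payload: bytes, ethertype: int = 0x0800) -> bytes:
    return dst + src + struct.pack("!HHH", TPID, vlan & 0x0FFF, ethertype) + payload


class Port:
    def __init__(self, name: str, access_vlan: int = None, trunk_vlans=()):
        self.name = name
        self.access_vlan = access_vlan        # access port: one VLAN, frames untagged
        self.trunk_vlans = set(trunk_vlans)   # trunk port: permitted VLANs, frames tagged

    @property
    def is_trunk(self) -> bool:
        return bool(self.trunk_vlans)


class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}
        self.mac_table = {}   # (vlan, mac) -> port name; learned, never configured

    def receive(self, in_port: str, frame: bytes) -> dict:
        """Handle one frame arriving on in_port; return {out_port: frame_as_sent}."""
        port = self.ports[in_port]
        dst, src, tag, rest = parse_frame(frame)
        if port.is_trunk:
            if tag is None or tag not in port.trunk_vlans:
                return {}             # untagged, or VLAN not permitted on this trunk
            vlan = tag
        else:
            if tag is not None:
                return {}             # tagged frame on an access port
            vlan = port.access_vlan
        self.mac_table[(vlan, src)] = in_port          # learn where src lives
        is_group = bool(dst[0] & 0x01)                 # broadcast/multicast bit
        known = None if is_group else self.mac_table.get((vlan, dst))
        if known is not None:
            targets = [] if known == in_port else [known]
        else:
            targets = [n for n in self.ports if n != in_port]   # flood, VLAN-filtered below
        out = {}
        for name in targets:
            egress = self.ports[name]
            if egress.is_trunk:
                if vlan in egress.trunk_vlans:
                    out[name] = dst + src + struct.pack("!HH", TPID, vlan) + rest
            elif egress.access_vlan == vlan:
                out[name] = dst + src + rest                    # tag stripped
        return out


if __name__ == "__main__":
    A, B, C = (bytes.fromhex(f"02000000000{i}") for i in (1, 2, 3))  # constructed MACs
    sw = Switch([Port("p1", access_vlan=10), Port("p2", access_vlan=10),
                 Port("p3", access_vlan=20), Port("p4", trunk_vlans=(10, 20))])
    bcast = b"\xff" * 6
    print(sw.receive("p1", untagged(bcast, A, b"who-has")).keys())   # p2 untagged, p4 tagged 10
    print(sw.receive("p2", untagged(A, B, b"reply")).keys())          # p1 only: A is known
    print(sw.receive("p3", untagged(A, C, b"x")).keys())              # p4 only: VLAN 20 flood
```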

Here's a quick one I hacked out, based on a field call I got last week. I've got some other ideas for others, but, those will take time.

The state of VLAN interfaces (SVIs) (Cisco-specific)

While the state of physical and line protocol statuses reported for normal interfaces are well understood, there is often quite a bit of misunderstanding as to the states reported for VLAN interfaces, more properly referred to as switched virtual interfaces, or SVIs. This can cause a great deal of confusion when an SVI is reported as down, especially with junior personnel.

The line protocol state is up or down dependent upon the states of ports assigned in that VLAN on the device. If you see an SVI in an up/down state, it means that all ports active in that VLAN are in a down state. This is normal behavior and should be expected.

The physical state of the interface should never change from "up." If it does, and you see the interface in down/down status, this means that the VLAN itself is no longer configured on the device. Depending on the type of device and configuration, this can mean a number of things, including (but not limited to) misconfiguration, corruption or loss of the vlan.dat file, or a problem with VTP. To correct this, simply re-create the VLAN, either in global configuration mode or VLAN database mode, depending on the device. If the device is a VTP client (not recommended for a router), verify configuration on the VTP server(s).

This problem is most commonly encountered during device deployment, when the SVI is created and the VLAN itself is overlooked.

SOHO: it is unlikely that jumbo frames will make any difference in transfer speeds. Sometimes jumbo frames will lower CPU usage.

Enterprise: it is unlikely that jumbo frames will make any performance difference. Two exceptions: long big pipes (delay 50ms+ and gigabit all the way through), where jumbo frames may help OSs with bad TCP SACK schemes, and SAN, where jumbo frames help encapsulate an entire command in a frame (some NFS situations). You will probably know in advance that jumbo frames will help.

Service Provider: It is unlikely that jumbo frames will make any performance difference. Jumbo frames can help you encapsulate QinQ tunneling in your infrastructure. Since the 802.1q header adds another 4 bytes, you may need larger than regular ethernet frames. You probably already know this since QinQ tunneling needs the MTU set when you configure it.

Cat5/5e/6/6a...What does it all mean? Which do I need to run Gigabit? What's up with 10G and beyond?

Each category rating of UTP (unshielded twisted pair) is a system designed to ensure that all cabling used in a specific ethernet network meets the minimum electrical characteristics required to successfully transfer data to the 100 meter specification limit. In general, the newer categories have more precise tolerances, and are tested to higher baseband frequencies on each pair of conductors. They will also have improved noise-rejection characteristics due to higher twist rates. This also generally means they become more difficult to work with.

Gigabit ethernet (IEEE 802.3ab) *only* requires properly terminated Cat5 cabling or better to run at full gigabit speed. The specification specifically calls for it. It runs at 125Mbaud per conductor pair, and thus requires all four pairs to be properly terminated.

If your link negotiates to '1000' or 'gigabit', then you can safely assume it's at least terminated in the proper order. So long as the cabling is cat5 rated or better, then you can also assume it will work without introducing undue errors.

In certain environments, you *may* get improved performance from buying more expensive (but unnecessary for the spec) cable, but this is going to be a very limited and rare circumstance usually related to environmental EMI factors. In those cases, you'd be better off running fiber anyway.

Updated per forum request, 12/5/2011

Q: So, do I need Cat6?
A: No. You still don't need it. There is no specification that calls for it. There have been some fairly well performed setups that show Cat6 can carry 10G ethernet up to 55 meters, but that's not supported in any official capacity. That also presumes that you have properly terminated your Cat6, and used all Cat6 or better bits and pieces (such as jacks and patch panels), and it ALSO requires some properly terminated STP to match the published annex. Keeping in mind that Cat6 is still more expensive, and is more difficult to work with, as of the time of this writing Cat5e is still the recommended cabling for anything up to gigabit ethernet.

Q: Okay smart guy, then what do I use for 10G?
A: Cat6a. Good luck, but presumably if you can afford 10G switching, then you can afford someone to install your Cat6a properly. More likely, right now you'd use fiber since it is by far the most ubiquitous media for 10G ethernet installations.

Q: Wait, is 10G really that expensive?
A: Yes. Even though price-per-port has come very far down, most 10G is still running over fiber. 10G copper ports are very expensive. 10G fiber ports typically also require optics (read: more $$). Unless you have host gear AND switches that support DAC (a method for 10G over specialized copper runs up to 15 meters in length), you'll likely be using fiber.

updating 5/30/13: 10G has come down quite a bit, and in some instances (such as chassis servers in a datacenter) you will probably want to use DAC to avoid the cost of optics. This isn't likely to be the case in your home.

Q: But I want to future-proof my network! LAWLS about 640k being enough for anybody!
A: It's admirable to want to 'future-proof' your network. But, as stated earlier, there is no standard that calls for Cat6, at least with respect to any mainstream networking technology such as 10G. If you *really* want to future-proof your network, and aren't just interested in cardinally higher numbers, then spend the money to install conduit and pull strings with your cable installation. Conduit is the single best thing you can do to ensure your future-proofiness.

Q: So what about these upcoming 40G and 100G networks? What do I need for those?
A: If you have to ask...
A(2): 40G and 100G are largely proprietary schemes right now. Some are simply multi-channel, bonded-on-ASIC technologies that don't actually provide single-stream throughput at those speeds. Some vendors do offer true single-stream devices that support these speeds, and they are just now being rolled out in support of high-end research networks, and in some cases mobile (or other) backhaul in dense environments. In any event, you can't afford it. You probably never WILL be able to afford it. Even if you can afford it, you really don't need it. You almost certainly never will need it, in a residential scenario. For some quick mental gymnastics, assume a full length, double-layer Blu-Ray disc which contains about 50GB of data. You can transfer that over 100G Ethernet in approximately 5 seconds. And that's the full movie, and all the extra content. It would take you on the order of 1500 times longer to consume the content than it would to transfer the content. A losing proposition at any scale. If that's not enough to convince you, you know that 2TB array you built? 100G will fill it in a little over 3 minutes. (Which won't actually happen, because your drives aren't nearly fast enough to keep up with the network at that point.)

Wireless Router - usually consists of three internal parts: (1) a NAT router, (2) a wireless access point, and (3) a 1- to 16-port wired switch (4 ports is most common). You can connect wireless clients via the WAP or wired clients via the switch. (In general, a wireless router cannot be used to connect wired clients to a wireless network, although there are rare exceptions.)

Wireless Access Point - a device that attaches to a wired network to allow wireless clients. Usually has a single port of wired ethernet.

Wireless Bridge - a device that attaches to a wireless network to allow wired clients. If it only has one wired port, it may be called a Wireless Gaming Adapter. In the consumer market, Client Bridges attach to Wireless Routers or WAPs. In the enterprise market, point to point bridges are used in pairs.

WDS extender or repeater - allows wireless devices to connect to a (weak) wireless network. One downside of a repeater is that bandwidth is halved.

To demote the typical wireless router to a Wireless Access Point

Follow this 3 part plan:

1) Turn off the DHCP server in the wireless router.

2) Configure the wireless router to be in the address space of your main router at an unused address, ideally outside the DHCP addresses.

3) Hook the wireless router to the main router via the LAN ports (often labeled 1-4; you may need a crossover cable in older equipment). The WAN or Internet port of the wireless router remains empty. Once connected, the remaining 3 LAN ports on each are available for local devices.

UPDATE: If you are using Vista, and having periodic lag spikes of 1 or more seconds, please read cputeq's post on this issue here.

Replace your wireless connection with a wired connection. Seriously. That's it. Just because you have a friend in Wichita who pwns n00bs over wireless doesn't mean it's going to work for *you*. There is no magic "program" that is going to fix it. There is no way to "fix your lag". It's wireless, it's inherently unstable and prone to interference from all manner of devices, including other wireless users. It's also a shared medium. That is equivalent to replacing your switch with a hub...and letting everyone in the neighborhood plug into it.

The most common antenna style is the omnidirectional. It sends signal evenly in every horizontal direction, but tends not to send signal up or down; the higher the dB, the more it is sending on a flat plane perpendicular to the antenna (if your antenna is not upright, that flat plane may be tilted, almost always a bad idea).

[Radiation pattern images: Horizontal Strength / Vertical Strength]

Patch or panel antennas are mildly directional: they leak signal in every direction but favor one side (good if your router is at one end of the house).

[Radiation pattern images: Horizontal Strength / Vertical Strength]

A Yagi antenna is directional as well; it leaks less than a panel. Good for point-to-point use outdoors, easy to aim.

[Radiation pattern images: Horizontal Strength / Vertical Strength (should be rotated 90 degrees, I think)]

Parabolic dishes are very directional, often very finicky about the aiming; they are so directional that I prefer a Yagi if the range is under 2 miles.

[Radiation pattern image: Signal Strength]

The Traditional connector is N female

Enterprise WAPs and consumer routers often use RP-SMA

Also common on consumer routers is RP-TNC. Internal wireless cards often use two U.FL connectors.

RP-SMA and RP-TNC are reverse polarity connectors specific to wireless networking. They are designed not to interoperate directly with SMA and TNC connectors used in other microwave frequency equipment.

When Ethernet was designed, it was supposed to be half duplex, one device transmitted at a time, every other device was listening to it. With Unshielded Twisted Pair switches, Ethernet gained separate transmit and receive pairs of wire and each device only saw frames destined for them. This allows each device to transmit and receive at the same time, full duplex, with the switch buffering frames so there are no collisions. (Although the buffers can overflow)

10baseT used a Link Pulse to determine which ports had devices active and which didn’t.

The N-Way Auto-negotiation protocol encodes information into this pulse which states what speeds and duplexes the electronics are capable of. If both devices send an encoded link pulse, they choose the fastest common speed/duplex they both are advertising. If there is no encoding in one direction, a parallel detection method is used for speed and duplex is assumed to be half. (Note that the cable itself does NOT get a ‘vote’ in deciding how fast to transmit; weak cabling can sabotage Auto-negotiation.) http://en.wikipedia.org/wiki/Autonegotiation

If you cannot set BOTH ends of a cable, never hard code one end to full duplex; it will not work (well). If either end is on Auto and not seeing encoded pulses, it WILL set to half duplex.

On home networks, you frequently have no control of the duplex at the router/switch port. Leaving the computer/printer Network Interface Card set to Auto or half is safe, setting it to full will slow down your network dramatically. Only if you DO have the ability to set the port on the router or switch to full is it safe to set the computer/printer to full. (you still need to ask yourself ‘When would I rather this link failed, than have it slow down automatically if conditions got bad?’)

So, if Auto-negotiation is so wonderful, why would you ever NOT want to Auto-negotiate?

Link Pulses are only a feature of UTP Ethernet, if this cable run contains a portion of Fiber or Coax via a media converter, you need to hard code the entire length of the run to the Protocol the non UTP part knows. (not your entire network, just the one port on each end of that run)

Auto-negotiation was standardized after 100baseT was, so there exists a body of 10baseT and 100baseT devices, that do not do Auto-negotiation. (Mostly from the mid 90’s and before)

Worse, some vendors produced odd interpretations of the Auto-negotiation standard, Apple, Lexmark, and Cisco included, so some devices that think they can do Auto-negotiation can’t. See http://www.versiontracker.com/dyn/moreinfo/macos/325 for Apple Rev A-D iMac, Power Macintosh G3 (Blue and White only), and 1999 PowerBook G3 (Bronze only) systems running MacOS 9, as an example. (A completely anecdotal observation is that some Cisco users were so burned by this that they STILL don’t use Auto-negotiation.)

And, as noted above, if your cable has split pairs, bad termination, or you are using recycled barb wire for your twisted pair, Auto-negotiation makes no provision for bad cable. It will constantly change from 10/half to 100/full until you intervene. (In Windows, setting duplex is up to each individual NIC vendor, so there is no standardized screen that applies to all PCs)
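The negotiation outcomes described above (highest common mode when both ends advertise, parallel detection with half duplex assumed when one end is hard-coded, and the resulting duplex mismatch) can be modelled in a few lines. This is an added example, not code from the original FAQ; the priority order follows the IEEE 802.3 Annex 28B.3 resolution table restricted to the 10/100/1000BASE-T modes the text discusses, and the rule that a hard-coded 1000BASE-T port cannot be parallel-detected is stated as an assumption in the comment.

```python
# Modes are (speed, duplex). Resolution order, highest priority first, follows the
# IEEE 802.3 Annex 28B.3 priority table restricted to the 10/100/1000BASE-T modes.
PRIORITY = [("1000", "full"), ("1000", "half"), ("100", "full"),
            ("100", "half"), ("10", "full"), ("10", "half")]

ALL_MODES = set(PRIORITY)  # what a modern gigabit NIC left on Auto advertises


def resolve(local_adv, remote_adv):
    """Both ends send encoded link pulses: pick the highest-priority mode both advertise."""
    common = set(local_adv) & set(remote_adv)
    for mode in PRIORITY:
        if mode in common:
            return mode
    return None


def parallel_detect(forced_speed):
    """No encoded pulses from the peer: the Auto side infers the speed from the idle
    signalling it sees (10BASE-T link pulses or 100BASE-TX idles) and assumes half duplex.
    Assumption made here: 1000BASE-T has no such signature, so it cannot be parallel-detected."""
    if forced_speed == "1000":
        return None
    return (forced_speed, "half")


def link_outcome(side_a, side_b):
    """Each side is ("auto", {advertised modes}) or ("forced", (speed, duplex)).
    Returns what each side ends up running and whether that is a duplex mismatch."""
    kind_a, cfg_a = side_a
    kind_b, cfg_b = side_b
    down = {"link": False, "a": None, "b": None, "duplex_mismatch": False}
    if kind_a == "auto" and kind_b == "auto":
        mode = resolve(cfg_a, cfg_b)
        if mode is None:
            return down
        return {"link": True, "a": mode, "b": mode, "duplex_mismatch": False}
    if kind_a == "forced" and kind_b == "forced":
        if cfg_a[0] != cfg_b[0]:
            return down  # speeds differ: no link at all
        return {"link": True, "a": cfg_a, "b": cfg_b, "duplex_mismatch": cfg_a[1] != cfg_b[1]}
    # One end forced, one on Auto: the Auto end falls back to parallel detection.
    forced_is_a = kind_a == "forced"
    forced, auto_adv = (cfg_a, cfg_b) if forced_is_a else (cfg_b, cfg_a)
    detected = parallel_detect(forced[0])
    if detected is None or forced[0] not in {speed for speed, _ in auto_adv}:
        return down
    a, b = (forced, detected) if forced_is_a else (detected, forced)
    # The forced end running full while the Auto end fell back to half is the classic mismatch.
    return {"link": True, "a": a, "b": b, "duplex_mismatch": forced[1] != "half"}


if __name__ == "__main__":
    print(link_outcome(("auto", ALL_MODES), ("auto", ALL_MODES)))
    print(link_outcome(("forced", ("100", "full")), ("auto", ALL_MODES)))  # the mismatch case
```

The second call is the situation the text warns about: the hard-coded end runs 100/full, the Auto end settles on 100/half, the link comes up, and the mismatch only shows as late collisions and CRC errors under load.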

A DHCP request from a device cannot cross a broadcast domain by default. When a machine starts up, it sends out a layer 2 and layer 3 broadcast in an attempt to find its DHCP server. So, instead of having a DHCP server on each VLAN, you use the command ip helper-address to forward that DHCP request from the broadcast domain it is on to the DHCP server and back.

For example, you have your master dhcp server on the ip 10.0.0.20 on a /24 network in Vlan 10

You have a VLAN number 20, and its ip address is 10.0.1.0/24

When a machine plugged into VLAN 20 issues a DHCP request, it will not get an IP because the DHCP server is on a separate broadcast domain.

So, in Windows, on the DHCP server, add a second scope for the 10.0.1.0/24 network.

Go to the Cisco device, get to the enable prompt, and from global configuration mode enter:

interface vlan 20
ip helper-address 10.0.0.20
end
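What the helper actually does to the packet is worth seeing, because it explains why the server needs that second scope. This is an added example, not code from the FAQ or from Cisco: it builds a minimal DHCPDISCOVER, applies the relay step from RFC 2131 section 4.3.1 (stamp giaddr with the relay's address on the client's VLAN and bump the hop count), and then shows the server choosing a scope by giaddr rather than by the subnet the packet arrived on. The server address and scopes are the ones from the text; the VLAN 20 SVI address 10.0.1.1 and the client MAC are assumptions.

```python
import struct
import ipaddress

BOOTREQUEST = 1
MAGIC_COOKIE = b"\x63\x82\x53\x63"
# op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HDR = "!BBBBIHH4s4s4s4s16s64s128s"


def build_discover(xid: int, mac: bytes) -> bytes:
    """A client's DHCPDISCOVER: BOOTP header with every address field 0.0.0.0, the broadcast
    flag set, then option 53 (DHCP message type) = 1 and the end option."""
    zero = b"\x00" * 4
    hdr = struct.pack(BOOTP_HDR, BOOTREQUEST, 1, 6, 0, xid, 0, 0x8000,
                      zero, zero, zero, zero, mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    return hdr + MAGIC_COOKIE + bytes([53, 1, 1, 255])


def parse_header(pkt: bytes) -> dict:
    op, _htype, hlen, hops, xid, _secs, flags, ci, _yi, _si, gi = struct.unpack_from("!BBBBIHH4s4s4s4s", pkt, 0)
    return {"op": op, "hops": hops, "xid": xid, "flags": flags,
            "ciaddr": ipaddress.IPv4Address(ci), "giaddr": ipaddress.IPv4Address(gi),
            "chaddr": pkt[28:28 + hlen]}


def relay(pkt: bytes, svi_ip: str) -> bytes:
    """What `ip helper-address` does on the SVI that hears the broadcast: if giaddr is still
    0.0.0.0, set it to the relay's own address on that VLAN, increment hops, and unicast the
    packet to the helper. A packet that has crossed too many relays is discarded (RFC 1542)."""
    hops = pkt[3]
    if hops >= 16:
        raise ValueError("hops exceeds 16, discarding")
    giaddr = pkt[24:28]
    if giaddr == b"\x00\x00\x00\x00":
        giaddr = ipaddress.IPv4Address(svi_ip).packed
    return pkt[:3] + bytes([hops + 1]) + pkt[4:24] + giaddr + pkt[28:]


def select_scope(pkt: bytes, receiving_if_ip: str, scopes):
    """Server-side scope choice: the subnet containing giaddr when the packet was relayed,
    otherwise the subnet of the interface the broadcast arrived on. Returns the network or None."""
    hdr = parse_header(pkt)
    anchor = hdr["giaddr"] if int(hdr["giaddr"]) else ipaddress.IPv4Address(receiving_if_ip)
    for net in scopes:
        if anchor in net:
            return net
    return None


# Values from the text: the server at 10.0.0.20 in VLAN 10 with scopes for both VLANs.
SCOPES = [ipaddress.ip_network("10.0.0.0/24"), ipaddress.ip_network("10.0.1.0/24")]
SERVER_IP = "10.0.0.20"
VLAN20_SVI_IP = "10.0.1.1"            # assumption: the switch's SVI address in VLAN 20
CLIENT_MAC = bytes.fromhex("020000000020")  # constructed client MAC


def demo():
    discover = build_discover(0x3903F326, CLIENT_MAC)
    # Without the helper the broadcast never leaves VLAN 20; the server only sees it relayed.
    relayed = relay(discover, VLAN20_SVI_IP)
    return parse_header(relayed), select_scope(relayed, SERVER_IP, SCOPES)


if __name__ == "__main__":
    print(demo())
```

If the second scope is missing, the server has no subnet containing 10.0.1.1 and the relayed request is simply ignored, which looks exactly like the broadcast never arriving.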

If you have multiple VLANs on two or more switches, and want to connect the switches and share traffic from those VLANs, you need to "trunk" your uplink ports.

Go to the switchport you are using as your uplink between switches.

Go to the global config, then the interface config. This will usually be a ten gigabit interface, or gigabit interface.

Cisco commands can be abbreviated, so you only need to type the minimum number of characters that distinguishes a command from similar ones, e.g. int te1/1 is the same as interface tengigabit1/1.

So let's say you have a Catalyst 4948 with ten gigabit uplinks.

You would type:

int te1/49
switchport trunk encapsulation dot1q
switchport mode trunk

Do this on all the uplinks you have, while replacing the int xxxY/Y command, and you now have a trunk between your switches passing vlans. If you want, you can also set up what vlans you want to allow on the trunk, but for now this will get you going.

There is also an older trunking protocol developed by Cisco called ISL (Inter-Switch Link); it is older and Cisco-gear specific, whereas dot1q will work across vendors.

VTP is used to configure VLANs on one server and have those changes propagate to other switches in the VTP domain. Even if you only have 2 switches, this is usually a good idea.

There are two VTP versions, 1 and 2. For basic configs, all you need to know is that VTP version 2 is for when you need to include Token Ring.

So, go to global config mode. Set the switch you want to use as the master vtp server, and enter the following commands:

vtp mode server
vtp domain (type in a name here)
vtp password (make this a secure password)
end

On the switches you want to sync to this VLAN config, enter the following from global config mode:

vtp mode client
vtp domain (same name as the VTP server domain name)
vtp password (same password)
end

If you want to have a switch not sync to VTP, set the VTP mode to transparent. Why would you do this? If you have the CapEx to spend, you try to keep the different security level interfaces on separate physical switches if possible.

Loopback interfaces are not enabled by default on Cisco devices; you need to enable them by assigning them an IP. These are also known as management ports. They can be used for out of band management.

So let's say you have a Catalyst 4948 switch. That management port right below the console port is the management interface.

To "open it up" go to the global config. Type:

interface loopback0
ip address xxx.xxx.xxx.xxx yyy.yyy.yyy.yyy
end

If you show the running config after that, you will see a new interface show up.

You want to send The Great American Novel you are writing to your buddy on the other side of the US, so he can critique it.

You send one postcard and ask that he write back when he gets it; when you get his reply you send one more postcard, and so on.

Latency prevents you from ever completing this file transfer. Your first postcard (1500 characters) takes 3 days to get to him. It takes him 5 minutes to read it. His reply takes 3 days to get to you. You write the next postcard in 5 minutes, then wait another 6 days. Buying nonstandard postcards so you can write 9000 characters per card will not really help this problem either, although it can’t hurt (if they even fit in the PO Box) and may reduce his fragmented memory when reading 1500 letters every 6 days.

Thankfully FTP does not work this way! (Gaming and VOIP do work this way somewhat, they are interactive)

What one does is NUMBER the postcards, and send out many postcards at a time, then wait for him to get all of them and write back.

If you wrote 43 postcards (about 3 hours at 5 minutes each) and mailed all of them, then when you got a reply saying he read all 43, send another 43.

If you increase this to 2048 postcards per batch, you will spend all 6 days writing the next batch, so you never quit writing just because the Postal Service is slow; you are now read/write bound, not network bound. If a postcard gets lost (not that my mail ever gets lost, mind you) the reader knows which one to request you send again, but at a 6 day cost in ever reading all the novel.

What could go wrong? What if the reader’s PO Box cannot hold 2048 postcards? Massive postcard loss! You should never transmit more than the receiver can hold in his PO Box. TCP will never use a transmit window higher than the receiver’s receive window. To get more throughput, you can set a higher RWIN value on the client computer. (This is usually the one you control anyway.)

Windows 95 and 98 have a default RWIN of 8760 bytes, Windows 2000 and XP have a default RWIN of 17520 bytes, Linux has a default of 65535 bytes. If you have a stock Win98 box and a stock Win2000 box on the same DSL line, chances are the Win2000 box has much higher throughput. The computer may not be faster, but it can have more frames en route to/from the servers. You can raise RWIN above 64k, but it is less straightforward.

If your network has frame loss, a smaller RWIN will cause less of a disruption when a frame gets lost. RWIN has no good effects on gaming, but for good old FTP downloads on a reliable network a large RWIN is a good thing. It even lowers the client’s need to send ACKnowledgement frames, so they have more upstream throughput.
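The postcard analogy can be put into numbers. The following is an added example, not from the original FAQ: it models batches of numbered postcards with the analogy's figures (3 days each way, 5 minutes per card) and, beside it, the TCP version of the same bound, where throughput can never exceed one receive window per round trip. The novel lengths are constructed, and the model simplifies the story by treating the reader's reply as sent when a batch lands (reading overlaps with the next batch being in the mail).

```python
import math

ONE_WAY_MIN = 3 * 24 * 60      # 3 days each way, as in the analogy
WRITE_MIN = 5                  # minutes to write one postcard


def novel_transfer_minutes(cards: int, window: int, one_way_min: int = ONE_WAY_MIN,
                           write_min: int = WRITE_MIN) -> int:
    """Minutes until the last batch lands, sending `window` numbered cards per batch.
    Model: the sender writes the next batch while the current one is in the mail, and may
    mail it only once that batch is written AND the previous batch's reply has arrived.
    window=1 is stop-and-wait; a window large enough that writing it takes longer than a
    round trip makes the sender write-bound instead of network-bound."""
    batches = math.ceil(cards / window)
    first_batch = min(window, cards) * write_min
    rtt = 2 * one_way_min
    interval = max(window * write_min, rtt)
    return first_batch + (batches - 1) * interval + one_way_min


def is_write_bound(window: int, one_way_min: int = ONE_WAY_MIN, write_min: int = WRITE_MIN) -> bool:
    """True when a whole batch takes longer to write than the reply takes to come back."""
    return window * write_min >= 2 * one_way_min


def window_bound_bytes_per_sec(rwin_bytes: int, rtt_sec: float) -> float:
    """TCP throughput ceiling imposed by the receive window: at most one window per round trip."""
    return rwin_bytes / rtt_sec


def window_needed_bytes(rate_bits_per_sec: float, rtt_sec: float) -> int:
    """Bandwidth-delay product: the window needed to keep a link of that rate full."""
    return math.ceil(rate_bits_per_sec / 8 * rtt_sec)


if __name__ == "__main__":
    for window in (1, 43, 2048):
        days = novel_transfer_minutes(6000, window) / (24 * 60)  # a constructed 6000-card manuscript
        print(f"window {window:5d}: {days:8.1f} days, write-bound={is_write_bound(window)}")
    for rwin in (8760, 17520, 65535):  # the Win9x, Win2000/XP and Linux defaults from the text
        print(f"RWIN {rwin}: at most {window_bound_bytes_per_sec(rwin, 0.1) / 1000:.0f} kB/s at 100 ms RTT")
    print("window for 10 Mbit/s at 100 ms:", window_needed_bytes(10_000_000, 0.1), "bytes")
```

The last line is why the text says going above 64k is "less straightforward": a 10 Mbit/s path with 100 ms of round-trip delay needs a 125,000-byte window, more than the 16-bit window field can express without window scaling.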

Asymmetric Speed for Upload/Download [Why are my downloads so much faster than my uploads?]

Most Internet protocols [FTP/HTTP/NNTP to name a few] are asymmetric in nature.

- The user sends a stream of small packets to request the given content [be it a web page or a large file].
- The web server will then try to package the requested content in the most efficient way [usually a much larger and longer stream of much larger packets].
- The server and client will then continue to converse, ensuring that the traffic is being received.

Many network access technologies such as DSL were designed with this nature of traffic in mind [why waste resources on spectrum that no one will use]. Since spectrum and processing power in the "modem" are limited, one will want to allocate as much spectrum or bandwidth to the most utilized side [the downstream or download direction].

Users are at a constant struggle to measure the speed of their Internet connection against the speed advertised by the Service Provider. The multitude of "Speed Test" sites out on the Internet attempt to measure these speeds by using little applets to download and upload a file back to their servers. In order for any speed test to be accurate, the home user must ensure that the connection is not being used by anyone else at the time of test. While speed tests may help identify a fault, it is difficult to diagnose a problem based on the results.

One must keep in mind that all of the "Speed Test" sites have limited amounts of bandwidth and server processing power. There could be 5 or 500 users hitting the server at the same time testing their speeds. No one result from any site, no matter how well trusted by the Internet community, can be used as conclusive evidence. One must always try to get data from multiple sources and sites before jumping to any conclusions about possible performance problems. The collection of such data in an organized manner often has a great deal of pull with service providers. An organized response to a provider with times and dates of occurrences can help providers analyze logs to see where problems may lie.

When used correctly, bandwidth tests at various test points can help to identify the following problems;

- physical access problem between the computer and the router [two speed tests, one over wireless and one wired, on the same computer showing drastically different results could point to a problem with the wireless signal]. To minimize any interference, bandwidth tests should be done from a wired port on a router.

- performance suffering on only one computer on the LAN [given similar hardware specs, two computers on the LAN should see similar performance]; failure to do so requires further analysis of the slower performing machine

- faults or performance of the last mile link to the provider [As a starting point, one should try to use the speed test site provided by their own provider. While this may not be a test of "Internet" performance, it can help eliminate the last mile (the link between the user and the Internet provider) as the source of the problem. If one cannot attain proper speed on the last mile link, tests further out on the Internet will often be no better (this is assuming that the provider's speed test server is performing properly)]

- time based congestion [The connection is always slow between 4:00 PM and 8:00 PM but is fast at other times of the day. All networks will have peaks of usage. This is largely dependent on demographics of the user base (the 4-8PM slowdown has historically been young children returning from school surfing when they get home). Doing a bandwidth test to the same set of speed test sites at variable times (8 AM, 12 PM, 4 PM, 10 PM, 1 AM) can help to determine if your connection is impacted by congestion at particular times of day. Doing such tests a few days apart can eliminate anomalies such as a holiday or a snow day where usage may be much higher than normal]

- destination based congestion [Some sites will be slower than others; this may be due to physical distance, which will affect latency, or just sheer load on the site's servers. Bandwidth is still a very expensive commodity. Popular websites can become overwhelmed with traffic (due to the launch of a new game demo, for example) and their performance will suffer. As a general rule, one should choose servers that are closest to them. These servers are more likely to report a speed that is not influenced by high latency between the test server and the client]

I mention BT in this FAQ since it has been demonstrated that BT is just too much to handle for the cheapest of consumer grade routers. Users need to understand that if they choose to run BT clients un-throttled, the performance of their internet connection will suffer. BT seems to be the biggest recent offender that generates all that upstream traffic.

Effect of Upstream Saturation on Download Performance

The ratio of upstream/downstream traffic is protocol dependent. Some protocols may require 10% of the download capacity on the upstream: in order to download at 10Mbps, 1Mbps is required on the upstream to keep up with acknowledgements. If a host is unable to acknowledge receipt of traffic from the server without any impedance or slowdown, the performance of the download/downstream data transfer will suffer.

Given that a higher end cable modem user has a 10/1 connection [10Mbps Downstream/1Mbps Upstream] and that BitTorrent is active and running, how will the user's downloads be affected?

- Users must ensure that applications can co-exist with one another, allocating limits [when needed] on the applications' upload capacity. Applications will often try to utilize 100% of any bandwidth they can find. Limiting applications that will run simultaneously to their own percentage of bandwidth can help ensure that no application is adversely affected. Most P2P apps have thresholds that users can set for both the number of peers as well as the upstream bandwidth [often measured in KB/sec] that the application is allowed to use.

- In addition to bandwidth saturation, BitTorrent especially can have a significant impact on the router's performance. The nature of BitTorrent traffic [many connections to many remote hosts] forces the router to work much harder than it was designed to. Every conversation [session between two BT hosts] takes a toll on the router's processing power and memory. Other protocols such as FTP, while transferring very large amounts of data, do so with a minimal number of TCP sessions. Not having been designed to handle hundreds or thousands of simultaneous sessions, the average home router has a hard time keeping up.

Failure to leave adequate bandwidth available for upstream acknowledgments can mean that even low bandwidth tasks such as surfing a text based web site will be slowed down, as the home router is forced to queue up its acknowledgement packets in a stream of P2P traffic.

For example, when creating a domain for your office PC intranet, don't call it mycompany.com, especially if you even have the faintest wish to actually own the domain name mycompany.com and put a website there. Active Directory is based on DNS so if your LAN computers all think they are on the authoritative domain for mycompany.com, yet your website is hosted on some virtual server or at another datacenter, you're going to have a hard time reaching the server for your own website.

Instead, use something like mycompany.office or mycompany.intranet; yes, it is not a real TLD, that is the point. You don't want to be confusing your local PCs by telling them they are participating on (and your name servers are authoritative for) a domain that you either don't own, don't actually host, or host somewhere else. It's messy and it creates lots of problems down the road.

- Next, add that 'A' record for your domain in your MS DNS server. Seems like everyone misses this one so your www.mycompany.com website works but mycompany.com doesn't. Usually in MS DNS this is the funny looking '@' host entry that you never knew what it was. Make that an A record that goes to the same IP as your 'www' host entry and the world and its web surfers will thank you.

- Change the host names on your LAN PCs. No one knows what OWNER3245ht means when they're browsing the network shares. Even worse, when you are trying to figure out why that hostname has a connection to TCP port 1433 on every other machine on the LAN, you're going to have a much harder time tracking it down than if you have implemented a proper naming scheme like, AccountingPC204-NWCampus.mycompany.office. Of course, putting a matching label on the front of the machine will help too. Best part, those great hostnames you assign will be registered in your DHCP server so you can track an IP to a computer and then a location in seconds instead of hunting ARP and MAC address tables all day.

- If you're running Bind name server, update it. Nothing worse than an old Bind8 server leaking its guts all over with a poisoned cache or doing rogue zone XFERs or whatever. While you're at it, change your RNDC keys and keep your root servers up to date. Microsoft issues patches for that stuff so don't forget to keep yours up to date as you patch or update Bind. They're usually listed in the new named.conf that comes with the new source distribution.

- People, check your secondaries. I've seen so many times, the secondary server or even tertiary server on a domain registration is either too slow, lame (non-authoritative or whatnot), or altogether dead. People don't notice it at first because they always hit the first one but when that one fails, you're going to be dead in the water, and I have seen *some* registrars that reverse the order of name servers on a registration for no apparent reason. You never know how many people are out there trying to get to you and giving up because it takes too long to timeout and try the other server.

- My last tip for now: if you have an IP allocation, get your reverse DNS straight. Even if you think you're not using the IPs in question or it doesn't matter because they're not for an MTA or whatever, just do it. It's polite, it makes other people's lives easier, and it makes you look sharp, especially if you do it right and make your forward and reverse DNS agree.
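Two of the tips above (the forgotten '@' A record, and forward and reverse DNS agreeing) are easy to check mechanically before a zone goes live. The following is an added example, not code from the FAQ or from any DNS server: a deliberately tiny zone-file reader (single-line "owner IN TYPE rdata" records only, no $TTL/$ORIGIN directives) plus two checks run over constructed forward and reverse zones for mycompany.com and the documentation range 203.0.113.0/24. It works offline on zone text, so it can run against a zone file before it is loaded rather than against live servers.

```python
import ipaddress

FORWARD_ZONE = """
; constructed zone for mycompany.com
@      IN SOA  ns1.mycompany.com. hostmaster.mycompany.com. (2011120501 3600 900 1209600 300)
@      IN NS   ns1.mycompany.com.
@      IN NS   ns2.mycompany.com.
@      IN A    203.0.113.10
www    IN A    203.0.113.10
mail   IN A    203.0.113.25
ns1    IN A    203.0.113.53
ns2    IN A    203.0.113.54
"""

REVERSE_ZONE = """
; constructed reverse zone for 203.0.113.0/24
10     IN PTR  www.mycompany.com.
25     IN PTR  mail.mycompany.com.
53     IN PTR  ns1.mycompany.com.
54     IN PTR  ns3.mycompany.com.      ; stale: the host was renamed
60     IN PTR  old-box.mycompany.com.  ; no forward record any more
"""


def parse_zone(text: str, origin: str):
    """Tiny reader for 'owner IN TYPE rdata' lines. '@' is the apex; an owner without a
    trailing dot is relative to the origin. Returns (name, type, rdata) tuples, names lowercased."""
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        if owner == "@":
            name = origin
        elif owner.endswith("."):
            name = owner
        else:
            name = f"{owner}.{origin}"
        records.append((name.lower(), rtype.upper(), rdata.strip()))
    return records


def reverse_name(ip: str) -> str:
    """203.0.113.10 -> 10.113.0.203.in-addr.arpa."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def ip_from_reverse(name: str) -> str:
    labels = name.rstrip(".").split(".")
    if labels[-2:] != ["in-addr", "arpa"]:
        raise ValueError(f"not an IPv4 reverse name: {name}")
    return ".".join(reversed(labels[:-2]))


def has_apex_a(records, origin: str) -> bool:
    """The '@' A record the text says everyone forgets, so mycompany.com itself resolves."""
    return any(n == origin.lower() and t == "A" for n, t, _ in records)


def check_forward_reverse(forward, reverse):
    """Findings where forward A records and reverse PTRs do not agree."""
    findings = []
    names_by_ip = {}
    for name, rtype, rdata in forward:
        if rtype == "A":
            names_by_ip.setdefault(rdata, set()).add(name)
    ptr_by_name = {n: r.lower() for n, t, r in reverse if t == "PTR"}
    for ip, names in sorted(names_by_ip.items()):
        rn = reverse_name(ip)
        if rn not in ptr_by_name:
            findings.append(f"{ip}: no PTR (forward names: {', '.join(sorted(names))})")
        elif ptr_by_name[rn] not in names:
            findings.append(f"{ip}: PTR says {ptr_by_name[rn]} but forward names are {', '.join(sorted(names))}")
    for rn, target in sorted(ptr_by_name.items()):
        ip = ip_from_reverse(rn)
        if ip not in names_by_ip:
            findings.append(f"{ip}: PTR -> {target} has no matching A record")
    return findings


if __name__ == "__main__":
    fwd = parse_zone(FORWARD_ZONE, "mycompany.com.")
    rev = parse_zone(REVERSE_ZONE, "113.0.203.in-addr.arpa.")
    print("apex A present:", has_apex_a(fwd, "mycompany.com."))
    for finding in check_forward_reverse(fwd, rev):
        print(finding)
```

An address with several forward names (here 203.0.113.10 is both the apex and www) is accepted as long as the PTR points at one of them, which is the usual way to keep the two directions consistent for a shared web host.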

Cisco IOS supports several dynamic routing protocols, including EIGRP, OSPF, IS-IS, and BGP. Each has its own benefits and drawbacks. A succinct CCNP-level comparison is available here, in the form of individual reference guides (PDF format):

Well, that's a bit tricky. We are going to assume here that you aren't an ISP, aren't a multinational conglomerate enterprise, and aren't someone who regularly uploads tens of terabytes to JPL and NASA.

We are going to assume that you are someone with one or more networkable devices at your home, that you wish to provide internet access for, at the same time.

In general, if you ask 10 people what the 'best' Small Office/Home Office (SOHO) router is, you'll get 10 different answers.

Before we get to the meat of the recommendations, please understand that you can easily check the hardware stats for yourself. The main thing to compare when doing apples-to-apples between two or more routers is memory. Memory is the single most important factor in a router being able to handle what you want it to do. This is especially true if you run torrents. Each session takes up memory. More memory==more sessions. If you want a side-by-side feature comparison, again, google is your friend.

If you want gigabit switching on your LAN, don't be afraid to buy a separate gigabit switch. Unless you are getting better than 100Mbit/100Mbit from your ISP, you don't need to worry about having a "gigabit" router. If you want it 'all-in-one', then once again, just google it.

As of this writing (04/2008) the consensus around here seems to be:

1. Buffalo (if you can find one...they are embroiled in some legal trouble in the US, and aren't currently shipping)

2. Linksys WRT54GL (the reason the GL is recommended is because it runs a linux based distribution, and is easily flashed to any of numerous third party firmwares such as Tomato or DD-WRT. Check the appropriate 3rd party website for hardware (and version#) compatibility BEFORE you buy.)

3. Cisco ASA5505. You can't go wrong with Cisco, but you certainly pay for that privilege.

4. Dlink DGL4300 (was pretty good this time last year...apparently it has enough memory to handle quite a bit of torrenting.)

5. Asus WL-500g Premium (the OpenWrt router of choice for Asterisk or a media server, because you can add USB drives, flash or hard disk). Much like the L in WRT54GL is important, so is the Premium in Asus WL-500g Premium. If you don't need a bunch of OpenWrt features like Asterisk or other things that eat disk space, a WRT54GL is probably fine.

If you really, really, absolutely MUST ask for a recommendation in the matrix, then please use the search first...the topic comes up several times per week. Unless you really are a unique snowflake, you probably don't require anything different than anyone else.

Problem

Sometimes when online gaming over wireless and using Windows Vista, you may experience intermittent lag or pauses. As everyone knows, these usually lead to online death and are very annoying. Assuming there are no other causes such as game server/ISP troubles, hardware problems or misconfigured software, here is how I solved my particular issue:

Root Cause

Apparently Windows Vista will poll for new wireless network availability about once every 60 seconds. As far as I know, there is currently no GUI option to disable this, and it must be done through the command prompt.

Checking for Symptom

You want to ping your router continuously for at least a minute or two to check for abnormally long ping times. Open a CMD prompt window and type:

ping -n 500 [insert your router IP here]

Usually, most routers are something like 192.168.1.1 or 192.168.100.1, etc.

On nearly every connection, a normal ping will be sub-10ms, and usually closer to 1ms. You're looking for a ping much longer than normal. In my particular case, I would get a single 3-sec ping every minute or so.

Solution:

First, you want to find the name of your wireless connection. Windows Vista defaults to the aptly named "Wireless Network Connection", but to be sure, here's how to check:

Again, at a CMD prompt, type

ipconfig

and hit enter.

Windows will list one or more network adapters, the connection type, whether each is connected, and any IP information.

Special Note: This particular fix solved my problem, even though I was getting intermittent lag pockets! Sometimes I would get 5-6 lag spikes in one minute, other times I could go a minute or more without a lag spike. For some strange reason, though, disabling this polling cleared all my problems. Tested this fix on about 1 hour of gaming and all was well.

From limited reading, I don't think this option is enabled if you reboot Windows. If you happen to reboot a lot, it may help to create a simple batch file and add this batch to your startup folder. If you have strange connection problems after a router reboot or other disconnect, make sure to enable autoconfig again! Then, once you're connected, it's safe to disable it before any gaming sessions.
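A PowerShell version of the symptom check and the fix above, as an added example that is not from the original post. It assumes Windows PowerShell 3.0 or later, that `netsh wlan set autoconfig` is the "autoconfig" switch the post refers to (a real netsh command, but one the page itself never shows), and placeholder values for the router IP (192.168.1.1) and the interface name that you replace with your own from ipconfig.

```powershell
# Added example, not part of the original post. Assumes Windows PowerShell 3.0+,
# ping.exe and netsh.exe on PATH, and the WLAN AutoConfig service running.
# The router IP and interface name below are placeholders; take yours from "ipconfig".

# Symptom check: ping the router repeatedly and count replies slower than
# $SpikeMs. On a healthy LAN replies are sub-10 ms; the post's symptom was a
# single ~3000 ms reply roughly once a minute.
function Test-WlanLatency {
    param(
        [string]$RouterIp = '192.168.1.1',  # placeholder: your router's LAN address
        [int]$Count = 120,                  # about two minutes at one ping per second
        [int]$SpikeMs = 500                 # no normal LAN reply takes this long
    )
    # ping.exe prints "Reply from 192.168.1.1: bytes=32 time=1ms TTL=64" (or
    # "time<1ms"); lost replies print "Request timed out." and are recorded as -1.
    $rtts = @(foreach ($line in (& ping.exe -n $Count $RouterIp)) {
        if ($line -match 'time[=<](\d+)ms') { [int]$Matches[1] }
        elseif ($line -match 'Request timed out') { -1 }
    })
    $replies = @($rtts | Where-Object { $_ -ge 0 })
    $spikes  = @($replies | Where-Object { $_ -ge $SpikeMs })
    $stats   = $replies | Measure-Object -Maximum -Average
    [pscustomobject]@{
        Sent      = $Count
        Replies   = $replies.Count
        Timeouts  = @($rtts | Where-Object { $_ -lt 0 }).Count
        MaxMs     = $stats.Maximum
        AverageMs = [math]::Round([double]$stats.Average, 1)
        Spikes    = $spikes.Count   # anything above 0 here is the symptom the post describes
    }
}

# The fix: toggle WLAN AutoConfig on the named interface. Requires an elevated
# prompt. 'no' stops the periodic scan for new networks; 'yes' restores normal
# behaviour, which you need again after a router reboot or other disconnect.
function Set-WlanAutoConfig {
    param(
        [Parameter(Mandatory = $true)][ValidateSet('yes', 'no')][string]$Enabled,
        [string]$Interface = 'Wireless Network Connection'  # Vista's default name; confirm with ipconfig
    )
    & netsh.exe wlan set autoconfig "enabled=$Enabled" "interface=$Interface"
    if ($LASTEXITCODE -ne 0) { throw "netsh failed with exit code $LASTEXITCODE" }
}

# Usage, from an elevated PowerShell prompt:
#   Test-WlanLatency -RouterIp 192.168.1.1      # check: Spikes should be 0 on a clean link
#   Set-WlanAutoConfig -Enabled no              # before a gaming session
#   Test-WlanLatency -RouterIp 192.168.1.1      # re-check: the periodic spike should be gone
#   Set-WlanAutoConfig -Enabled yes             # before reconnecting after any disconnect
```

Run the latency check once before and once after disabling autoconfig: if the once-a-minute spike disappears from the second run, the scan was the cause; if it persists, look at the other causes the post lists first (game server, ISP, hardware, misconfigured software). Saving the `Set-WlanAutoConfig -Enabled no` line as a script in your startup folder is the PowerShell equivalent of the batch file suggested above.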

Most carriers/ISPs will not accept or advertise any IPv6 subnet smaller than a /48. Think long and hard about this before you try to multihome your fancy new IPv6 webstack.

The nifty part is that you can't get anything larger than a /48 unless you pass ARIN's test which effectively states you have to document that you are using 93% of your /48 already assigned.

UPDATE: Strike a blow for rationality! As of early 2011, ARIN has changed their stance and it is now much easier for an enterprise (any company with multi-site, multi-homed design) to get blocks larger than /48.

Catch 22? You betcha. Your only outs are:

1. Convince ARIN to either repeal their policy, or that you are indeed using 93% or more of your existing allocation

or

2. Convince the carriers to start inter-advertising routes smaller than /48 (unlikely, because the routing tables will become absolutely huge).

Good luck! Please note: this post has been edited from its original form at the behest of others, to provide more content, and because it couldn't be deleted after so much time. Hopefully the content is relevant to someone.

Why are there no topics about NAS (Network Accessible Storage) in the Networking Matrix?

Almost no questions anyone has about NAS concern the network cable. Almost all questions have to do with hard drives (Other Hardware) or software. So NAS questions all get moved out of the Network Matrix as quickly as we can.

The general recommendations are the same. However, you can now get a "professional" device for far cheaper than a Cisco ASA in the Fortinet product line. There is a wide variety of products, ranging from the FortiGate 20C/30B to the FortiWifi 50B/51B, available in the $200-1000 range for various needs. Unlike the other products, the Fortinet devices are UTM solutions and can do more than just firewall your network: they can do URL filtering, intrusion detection/prevention, AV and email filtering, and a few others. These features DO cost extra and incur subscription fees, but are very simple to configure for novice and expert alike.

Look for features such as PCIe interface to ensure connectivity with modern motherboards and WPA2 encryption for security.

More wireless network types listed as compatible is generally desirable, as it indicates either a card with multiple radios or a higher-quality SoC design, which tends to coincide with higher performance and better drivers. The 5 GHz band seems to be less crowded; 2.4 GHz is more compatible with older equipment.

Mainstream manufacturers such as Intel tend to supply more reliable drivers and management software but many different manufacturers are fine for home use.

Network card performance and features may change wildly from one hardware revision to another (even within the same model name and manufacturer), so be sure to check user reviews for hands-on experience before buying and buy from reputable retailers that offer a reasonable return policy.

How can I get better wireless coverage? I can't pull a wire in my home/apartment/condo/mom's basement.

Okay, I'll say this again.

Wireless is for convenience, not performance or reliability.

Yes, I understand you have the most awesomest Apple/MS/Google device ever, with a bazillion jiggathingies per second, and you want to stream Linux ISOs to your HTPC so you can McCardle your frablitz. I mean, we all do.

Yes, I understand that your AP/SOHO router is actually located in Lincoln's left nostril, way in the back, somewhere in South Dakota, and running a wire from there to your bathroom is problematic, but dagnabbit, you NEED full-rate BD streaming when you're on the john!

So what is a boy to do?

First, check your antenna orientation. No, I'm not suggesting you send it to Vermont to get married, I'm suggesting you think of it as if it was a pole sticking through a donut. Which is totally non-sexual. Stop it, you pervert. At any rate, if you think of the donut, which is straddling your antenna, I said stop it, as the field of irradiation, then you start to see what I'm getting at.

Seriously, right now, put your left thumb up in the air like Fonzie, and then reach over with your right hand and firmly grasp your left thumb. Where your right hand is? That's where the signal strength is, with respect to your SOHO router/AP combo.

Got poor signal upstairs? Then you just go ahead and tilt one of those antennas back down such that its "donut" is now rolling on its side like a huge invisible tire that has come off a truck. Not so sexy now, is it?

You're done. That's it. It's the best you can do. No...I said stop it. You will NOT get better performance or coverage by adding APs, using anything that says "mesh", or casting archaic voodoo charms and spells.

Run a wire.

Yes, I know...the gods have fated you with the curse of having the single, only, ever, solitary instance of a home that consists of a particular set of physics that prevent you from pulling a wire. Were you to even ATTEMPT such a thing, you would rend the very fabric of space and time, and be cast into a never-ending abyss of torment, pain, and popular music. But I repeat myself.

Run a wire.

Yes, you can. You really can. It's not that hard. Grab yourself a spool of Cat5/5e, or just take one of those long patch cables from work. Trust me, they won't miss the one you pull out of that mangled mess of thousands of old patch cables. Just don't pull the one out of that box with the blinking lights. That would be bad.

Now, consider where you *are*, versus where you want to be. Imagine the old MUD methodology of always sticking to the left wall, and how far it will be before you are in a new, central location in which you deploy your fancy new Samungonysysgeardlink home broutergarble. How far was that? Was it far? Does it concern you how far it was? Was it over 328 feet? No? Then you're fine. See? You just ran a wire.